Stabble TVL Plunges 62% After Emergency Withdrawal Warning Due to Former CTO’s Alleged North Korean Ties
Stabble, a decentralized crypto exchange on Solana, lost 62% of its total value locked (TVL) in a single trading session on Tuesday. The drop followed an emergency withdrawal notice from the protocol’s new management team, which took TVL from approximately $1.75 million to less than $663,000 in a matter of hours, according to DeFiLlama data.
The drawdown was protocol-driven and not attacker-controlled, making it an unusual but measurable risk event in its own right. The triggering condition for this event was the identification of a suspected North Korean agent, working under the name Keisuke Watanabe, as Stabble’s former chief technology officer. This individual reportedly held the role until 2025.

The new management team, which had taken control of the protocol about four weeks earlier, issued a clear warning to users at 9:34 a.m. ET, about seven hours after ZachXBT’s identification of the former CTO was made public. Key takeaways from this incident include:
- Stabble’s TVL plunged 62% within hours of the emergency alert on April 7, 2026 – from $1.75 million to below $663,000.
- On-chain investigator ZachXBT identified Stabble’s former CTO, who went by the name Keisuke Watanabe, as a suspected North Korean agent.
- No exploit or monetary breach has been confirmed; the new Stabble team is conducting audits and requesting full withdrawal of liquidity as a precautionary measure.
- The warning follows a pattern of DPRK-related IT infiltration that has been documented across the DeFi sector for at least seven years.
Former CTO Tagged as DPRK Employee – What the Architecture Reveal Actually Means
The structural risk in this scenario is not a live exploit – it is the possibility of dormant backdoors, compromised key management infrastructure, or embedded logic in smart contracts written or audited by a state-affiliated actor with undisclosed access. A former CTO would have had direct write access to the core protocol code, management keys, and visibility into the entire contract architecture during the development phase.
Stabble’s new team did not disclose whether mechanisms were in place to upgrade the smart contracts or whether the former CTO retained multisig signing authority after the transition. The team confirmed that it is conducting audits to assess the full scope of the compromise.
The developer also reportedly worked on Elemental, a related Solana DeFi project – a detail that expands the potential attack surface beyond Stabble’s own liquidity pools and into the connected protocol infrastructure. At the time of publication, no exploit has been announced on either platform.
New Stabble Crypto Team Issues Emergency Alert
The public reaction from the Stabble team was direct and clear. The team issued a statement saying, “EMERGENCY! Guys, please temporarily withdraw your liquidity immediately! It’s better to be safe than sorry.” This statement carries operational weight precisely because it comes from new management – quants and early DeFi participants by their own description, not communications professionals managing the narrative.
In a follow-up post, the team’s stance was clarified: “We received a message and are acting on it. Our primary focus is the security of our LPs. We are not PR people, we are quants and early DeFi evangelists. We listen to you and your feedback is important.” The message prioritized LP capital protection over protocol optics – a defensible position given the confirmed identity of the former CTO.
For more information on this incident and its implications for the DeFi sector, visit https://cryptonews.com/news/stabble-solana-liquidity-withdrawal-north-korean-hacker/
